Re: The value of web.config RSA encryption


Hi Allen, Yes I did. Thanks...Max
"Allen Chen [MSFT]" <v-alchen@xxxxxxxxxxxxxxxxxxxx> wrote in message news:1Qnf8MCOJHA.1672@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Max,

Have you got the expected answer?

Regards,
Allen Chen
Microsoft Online Support

--------------------
| From: "Max2006" <alanalan1@xxxxxxxxxxxxxxxx>
| Subject: The value of web.config RSA encryption
| Date: Wed, 22 Oct 2008 12:18:43 -0400
| Lines: 1
| Message-ID: <0902B0FB-5B0C-4C57-B472-0D309882E5FE@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| Importance: Normal
| X-Newsreader: Microsoft Windows Live Mail 12.0.1606
| X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606
| X-MS-CommunityGroup-PostID: {0902B0FB-5B0C-4C57-B472-0D309882E5FE}
| X-MS-CommunityGroup-MessageCategory:
{E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.dotnet.framework.aspnet:78371
| NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Hi,
|
| In our production environment, we would like to protect our database
| connection string against system administrators (they are admin on the
web
| server box)
| I went through this article that describes options how to encrypt the
| connection string section within the web.config:
|
| http://msdn.microsoft.com/en-us/library/ms998283.aspx
|
| The article explains that aspnet_regiis -pdf can easily decrypt the
| web.config back to clear text situation. That means administrator can
| decrypt all database connection strings. So there is not much point for
| encrypting the web.config for us.
|
| I wonder if there is any technique, so the decryption won't be easy (like
| using a salt or secondary key that only web application knows)
|
| Any help would be appreciated,
| Max
|
|

.

Relevant Pages

  • RE: The value of web.config RSA encryption
    ... Microsoft Online Support ... The value of web.config RSA encryption ... | connection string against system administrators (they are admin on the ... | decrypt all database connection strings. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: vbEncrypt Function
    ... I would strongly urge using the CryptoAPI as specified by Microsoft. ... Debian & Ubuntu Linux Weak Encryption Keys ... How to encrypt a string in Visual Basic 6.0 and how to decrypt the string in Visual ... Tony Toews, Microsoft Access MVP ...
    (comp.databases.ms-access)
  • Re: Security in windows forms apps
    ... I have encrypted the connection string in the app.config file, code behind, ... Add whatever encryption ... your source, put an encrypted version into the source, and decrypt it ... Obfuscation will not hide the sourcecode key from anything more than a ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Ext Drive Encrypted Files Deny Access
    ... MICROSOFT wrote: ... > think all I had to do was delete the partition first, to put XP on C., ... > that's why I think it's EFS produced encryption and not Winzip's. ... decrypt or otherwise manipulate those encrypted files ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Ext Drive Encrypted Files Deny Access
    ... MICROSOFT wrote: ... > think all I had to do was delete the partition first, to put XP on C., ... > that's why I think it's EFS produced encryption and not Winzip's. ... decrypt or otherwise manipulate those encrypted files ...
    (microsoft.public.security)
Loading